
Installing a Postfix Anti-Spam and Anti-Virus Mail System from Ports on FreeBSD, for MySQL


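[Note]
This article uses MySQL as the authentication database!
This note may not amount to any kind of license, but I still hope you will respect the author's wishes.
If you find any errors, please let me know promptly and I will correct them as soon as possible. Reposting online is free of charge, but I hope you will include this note and a link to the source. If you want to publish it in print, please contact me through www.cnfug.org or through my personal website www.e-era.net.
This article was installed and tested successfully on FreeBSD 4.10 and 5.3; login authentication does not use PAM. I have read a lot of material, but most of it uses PAM. I don't understand why, when cyrus-sasl2-saslauthd has long been able to authenticate against MySQL and PgSQL, people still use the third-party software PAM to implement authentication.
If anything goes wrong when you configure a computer based on this article, you bear the consequences yourself; the author is not responsible.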


Chapter 0. Preparing the database

Code:
# Create the two database users
# The sample passwords equal the user names; pick your own and use the same values in the configuration files of Chapter 2
#======================postfix==================================
use mysql;
INSERT INTO user (host,user,password) VALUES('localhost','postfix','');
update user set password=password('postfix') where User='postfix';
FLUSH PRIVILEGES;
GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "postfix";

#======================courier==================================
INSERT INTO user (host,user,password) VALUES ('localhost','courier','');
update user set password=password('courier') where User='courier';
FLUSH PRIVILEGES;
# Grant to courier@localhost: a bare "TO courier" means courier@'%', which GRANT would create without a password
GRANT select,insert,update on mail.* TO courier@localhost IDENTIFIED BY "courier";


# Create the database
#=======================MAIL.SQL=================================

#Create mail database
CREATE DATABASE mail;
use mail;

#Create the aliases table
CREATE TABLE aliases (
   alias varchar(255) NOT NULL default '',
   rcpt varchar(255) default NULL,
   PRIMARY KEY (alias)
) TYPE=MyISAM;

#Create the transport table
CREATE TABLE transport (
   domain char(128) NOT NULL default '',
   transport char(128) NOT NULL default '',
   UNIQUE KEY domain (domain)
) TYPE=MyISAM;

#Create the virtual_users table
# id holds the full mail address (the login name); it is the column used by the
# INSERT statements in Chapter 3 and by MYSQL_LOGIN_FIELD in authmysqlrc
CREATE TABLE virtual_users (
   unique_id int(32) unsigned NOT NULL auto_increment,
   id char(128) NOT NULL default '',
   password char(128) default NULL,
   uid int(10) unsigned default '125',
   gid int(10) unsigned default '125',
   home char(255) default NULL,
   maildir char(255) default NULL,
   date_add date default NULL,
   time_add time default NULL,
   domain char(128) default NULL,
   name char(255) default NULL,
   imapok tinyint(3) unsigned default '1',
   quota char(255) default '52428800', # default mailbox size: 50 MB
   nickname varchar(10) default NULL,
   realname varchar(10) default NULL,
   office varchar(20) default NULL,
   PRIMARY KEY (id),
   KEY unique_id (unique_id)
) TYPE=MyISAM;



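Chapter 1. Installing the required software

1.1 Install cyrus-sasl2-saslauthd
mail# cd /usr/ports/security/cyrus-sasl2
Download the encrypted-password authentication patch; without it only plaintext password authentication is possible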
mail# fetch http://www.viperstrike.com/~lopaka/sysadmi...e-sources/patch
mail# mv patch files/patch-lib::chkpw.c
mail# make -DWITH_MYSQL -DWITH_DEV_URANDOM -DWITHOUT_OTP -DWITHOUT_CRAM -DWITHOUT_DIGEST -DWITHOUT_NTLM install clean
mail# cd /usr/ports/security/cyrus-sasl2-saslauthd
mail# make install clean
mail# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

1.2 Install Postfix and cyrus-sasl
mail# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
mail# mv /usr/bin/mailq /usr/bin/mailq.OFF
mail# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
mail# mv /etc/rc.sendmail /etc/sendmail.OFF
mail# cd /usr/ports/mail/postfix
mail# make install clean
Select the following options:
[X] SASL2
[X] TLS
[X] MYSQL


mail# cd /usr/local/etc/rc.d
mail# ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail
mail# echo 'postfix: root' >> /etc/aliases
mail# /usr/local/bin/newaliases
mail# chown postfix:postfix /etc/opiekeys


1.3 Install expect
Used by the web client to create mail users
mail# cd /usr/ports/lang/expect
mail# make install clean


1.4 Install Courier-imap
mail# cd /usr/ports/mail/courier-authlib
mail# make install clean
Select
[X] MYSQL
[X] AUTHUSERDB


mail# cd /usr/ports/mail/courier-imap
mail# make WITHOUT_OPENSSL=yes WITH_MYSQL=yes install clean
Select
[X] OPENSSL
[X] IPV6


mail# cd /usr/local/etc/courier-imap
mail# cp imapd.cnf.dist imapd.cnf
mail# cp pop3d.cnf.dist pop3d.cnf



Chapter 2. Configuring the mail server

2.1 Configure rc.conf: edit /etc/rc.conf and add
Code:
saslauthd_enable="YES"
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"


2.2 Configure cyrus-sasl2-saslauthd
(1) Configure the SASL library path
Code:
In /etc/defaults/rc.conf, add /usr/local/lib/sasl2 after /usr/local/lib in the ldconfig_paths setting.


(2) Create /usr/lib/sasl2/Sendmail.conf
Code:
pwcheck_method: saslauthd auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: PLAIN LOGIN
sql_hostnames: localhost
sql_user: postfix
sql_passwd: postfix
sql_database: mail
# id is the address column of virtual_users that the INSERT statements in Chapter 3 fill in
sql_select: select password from virtual_users where id='%u@%r'


(3) Create the smtpd.conf link
mail# ln -s /usr/lib/sasl2/Sendmail.conf /usr/lib/sasl2/smtpd.conf

(4) Edit /usr/local/etc/rc.d/saslauthd.sh
Code:
command="${prefix}/sbin/${name} -r"



2.3 Configure Postfix and cyrus-sasl
(1) Create /etc/periodic.conf
Code:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"


(2) Modify /usr/local/etc/postfix/main.cf, adding the following at the end of the file
Code:
#======= BASE ==============
myhostname = mail.e-era.net
mydomain = e-era.net
home_mailbox = Maildir/
mydestination = $myhostname, $mydomain, $transport_maps
local_recipient_maps =
mailbox_command= /usr/local/bin/deliverquota -w 90 ~/Maildir
command_directory = /usr/local/sbin

#======= MYSQL =============
transport_maps = mysql:/usr/local/etc/postfix/transport.cf
virtual_gid_maps = mysql:/usr/local/etc/postfix/gids.cf
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual.cf
virtual_maps = mysql:/usr/local/etc/postfix/mysql.aliases.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/uids.cf

#======= Quota ============
# Limit the size of each message sent to 5 MB
message_size_limit = 5242880
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mailboxsize-mysql.cf
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
# Total mailbox size: 50 MB
virtual_mailbox_limit = 52428800

#====== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject
#smtpd_sasl_local_domain = $mydomain
smtpd_client_restrictions = permit_sasl_authenticated


(3) Make sure /usr/local/etc/postfix/master.cf contains the following
Code:
virtual unix - n n - - virtual


(4) Edit /usr/local/etc/postfix/transport.cf
Code:
user = postfix
password = postfix
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = localhost


(5) Edit /usr/local/etc/postfix/gids.cf
Code:
user = postfix
password= postfix
dbname = mail
table = virtual_users
select_field = gid
# id is the address column that the INSERT statements in Chapter 3 fill in
where_field = id
hosts = localhost


(6) Edit /usr/local/etc/postfix/uids.cf
Code:
user = postfix
password= postfix
dbname = mail
table = virtual_users
select_field = uid
where_field = id
hosts = localhost


(7) Edit /usr/local/etc/postfix/mysql_virtual.cf
Code:
user = postfix
password= postfix
dbname = mail
table = virtual_users
select_field = maildir
where_field = id
hosts = localhost


(8) Edit /usr/local/etc/postfix/mysql.aliases.cf
Code:
user = postfix
password= postfix
dbname = mail
table = aliases
select_field = rcpt
where_field = alias
hosts = localhost


(9) Edit /usr/local/etc/postfix/mailboxsize-mysql.cf
Code:
user = postfix
password = postfix
dbname = mail
table = virtual_users
select_field = quota
where_field = id
hosts = localhost



2.4 Configure Courier-imap
(1) Modify /usr/local/etc/courier-imap/imapd
Code:

IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAPDSTART=YES


(2) Modify /usr/local/etc/courier-imap/imapd-ssl
Code:

IMAPDSSLSTART=NO
IMAPDSTARTTLS=NO
POP3DSTART=YES


(3) Modify /usr/local/etc/courier-imap/pop3d
Code:

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"


(4) Modify /usr/local/etc/courier-imap/pop3d-ssl
Code:
POP3DSSLSTART=NO
POP3_STARTTLS=NO


(5) Edit /usr/local/etc/authlib/authmysqlrc. Example authmysqlrc:
Code:

##VERSION: $Id: install.sgml,v 1.2 2004/11/02 06:04:15 wt Exp $
#
# Copyright 2000-2004 Double Precision, Inc.  See COPYING for
# distribution information.
#               
# Do not alter lines that begin with ##, they are used when upgrading       
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file     
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:       
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value.  Trailing spaces are prohibited.
 

##NAME: LOCATION:0
#                               
# The server name, userid, and password used to log in.                 

MYSQL_SERVER            localhost
MYSQL_USERNAME          courier
MYSQL_PASSWORD          courier

##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
MYSQL_SOCKET            /tmp/mysql.sock

##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.

MYSQL_PORT              3306

##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.

MYSQL_OPT               0

##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:

MYSQL_DATABASE          mail

##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data.  See README.authmysqlrc
# for the required fields in this table.

MYSQL_USER_TABLE        virtual_users

##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined.  Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD.  Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.

MYSQL_CRYPT_PWFIELD     password

##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD   clear

##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN                example.com

##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD         uid

##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account

MYSQL_GID_FIELD         gid

##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id.  Basically the query is:
#
#  SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#

MYSQL_LOGIN_FIELD       id

##NAME: MYSQL_HOME_FIELD:0
#

MYSQL_HOME_FIELD        home

##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)

MYSQL_NAME_FIELD        name

##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD     maildir

##NAME: MYSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# MYSQL_DEFAULTDELIVERY defaultdelivery

##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota.  See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD       quota

##NAME: MYSQL_AUXOPTIONS:0
#
# Auxiliary options.  The MYSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs.  These names are additional attributes that define various per-account
# "options", as given in INSTALL's description of the "Account OPTIONS"
# setting.
#
# MYSQL_AUXOPTIONS_FIELD        auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# MYSQL_AUXOPTIONS_FIELD        CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.


##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# MYSQL_WHERE_CLAUSE    server='mailhost.example.com'


##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified bellow:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# The username field should include the domain (see example below).
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
#               $(local_part), $(domain), $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s.  Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location.  In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY.  Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE   SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
#                       CONCAT('{MD5}', popbox.password_hash),          \
#                       popbox.clearpw,                                 \
#                       domain.uid,                                     \
#                       domain.gid,                                     \
#                       CONCAT(domain.path, '/', popbox.mbox_name),     \
#                       '',                                             \
#                       domain.quota,                                   \
#                       '',                                             \
#                       CONCAT("disableimap=",disableimap,",disablepop3=",    \
#                              disablepop3,",disablewebmail=",disablewebmail, \
#                              ",sharedgroup=",sharedgroup)             \
#                       FROM popbox, domain                             \
#                       WHERE popbox.local_part = '$(local_part)'       \
#                       AND popbox.domain_name = '$(domain)'            \
#                       AND popbox.domain_name = domain.domain_name


##NAME: MYSQL_ENUMERATE_CLAUSE:0
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders.  The query
# should return the following fields: name, uid, gid, homedir, maildir
#
# Example:
# MYSQL_ENUMERATE_CLAUSE        SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
#                       domain.uid,                                     \
#                       domain.gid,                                     \
#                       CONCAT(domain.path, '/', popbox.mbox_name),     \
#                       ''                                              \
#                       FROM popbox, domain                             \
#                       WHERE popbox.local_part = '$(local_part)'       \
#                       AND popbox.domain_name = '$(domain)'            \
#                       AND popbox.domain_name = domain.domain_name



##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
#       $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE   UPDATE  popbox                                  \
#                       SET     clearpw='$(newpass)',                   \
#                               password_hash='$(newpass_crypt)'        \
#                       WHERE   local_part='$(local_part)'              \
#                       AND     domain_name='$(domain)'
#



(6) Edit /usr/local/etc/authlib/authdaemonrc
Code:
authmodulelist="authmysql authpam authuserdb"
authmodulelistorig="authmysql authpam authuserdb"
version="authdaemond.mysql"
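
The authmysqlrc header above warns against installing that file world-readable; the Postfix lookup files from 2.3 and Sendmail.conf from 2.2 hold a database password in clear text in the same way. The script below is an added example, not part of the original article: it flags any of these files that other local users can read. The function names are hypothetical; the key names and paths are the ones used in this article.

```sh
#!/bin/sh
# Added example: report configuration files that carry a database password
# and are readable by "other" users.

# Keys that introduce a password in this article's files:
#   password (Postfix *.cf), sql_passwd (Sendmail.conf), MYSQL_PASSWORD (authmysqlrc)
CRED_KEYS='^[[:space:]]*(password|sql_passwd|MYSQL_PASSWORD)([[:space:]]*[:=][[:space:]]*|[[:space:]]+)[^[:space:]]'

# Paths used in sections 2.2 to 2.4 of the article.
DEFAULT_FILES="/usr/lib/sasl2/Sendmail.conf
/usr/local/etc/authlib/authmysqlrc
/usr/local/etc/postfix/transport.cf
/usr/local/etc/postfix/gids.cf
/usr/local/etc/postfix/uids.cf
/usr/local/etc/postfix/mysql_virtual.cf
/usr/local/etc/postfix/mysql.aliases.cf
/usr/local/etc/postfix/mailboxsize-mysql.cf"

# has_credential FILE: true if an uncommented line sets one of the keys above.
has_credential() { grep -Eq "$CRED_KEYS" "$1" 2>/dev/null; }

# world_readable FILE: true if the "other" read bit is set (mode-based, so the
# answer is the same when the audit runs as root).
world_readable() { [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; }

# audit_cred_files FILE...: print every credential file that is world-readable;
# the exit status is 0 only when none was found. Missing files are skipped.
audit_cred_files() {
    bad=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        has_credential "$f" || continue
        if world_readable "$f"; then
            echo "world-readable credential file: $f"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage on the mail server:
#   audit_cred_files $DEFAULT_FILES || echo "tighten the modes listed above"
```

A file reported here can be restricted with chmod 640 after its group has been set to the one the reading daemon runs under.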




Reboot the server

(7) Next check the ports; the following ports should be open:
mail# netstat -an |grep LISTEN
Code:

tcp4       0      0  *.110                  *.*                    LISTEN
tcp6       0      0  *.110                  *.*                    LISTEN
tcp4       0      0  *.143                  *.*                    LISTEN
tcp6       0      0  *.143                  *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN



Chapter 3. Setting up the domain and users, and testing

3.1 Set up the first user
Generate the password with crypt.php: $1$qn1DoKGc$WImkcvfT9NPgYm57AfetK.
Code:
# Create the user data
use mail;
insert aliases values('postmaster@e-era.net','webmaster@e-era.net');
insert transport values('e-era.net','virtual:');
INSERT INTO virtual_users (id,home,password,maildir,date_add,time_add,domain,name)
VALUES ('webmaster@e-era.net','/var/mail/',encrypt('888888'),'e-era.net/webmaster/Maildir/','2005-03-10','16:28:24','e-era.net','webmaster');


Set up the user's directory and permissions:
mail# mkdir -p /var/mail/e-era.net/webmaster
mail# /usr/local/bin/maildirmake /var/mail/e-era.net/webmaster/Maildir
mail# chmod -R 700 /var/mail/e-era.net/
mail# chown -R postfix:postfix /var/mail/e-era.net

The user is now set up. Only one domain is used here; multiple domains can be set up in the same way.



3.2 User login test
Test with any mail client program, such as Foxmail or Outlook Express.


3.3 Create additional users
Generate the password with crypt.php: $1$qn1DoKGc$WImkcvfT9NPgYm57AfetK.
Code:
# Create the data for additional users
use mail;
INSERT INTO virtual_users (id,home,password,maildir,date_add,time_add,domain,name)
VALUES ('demo@e-era.net','/var/mail/',encrypt('demo'),'e-era.net/demo/Maildir/','2005-03-10','16:28:24','e-era.net','demo');


Set up the user's directory and permissions:
mail# mkdir -p /var/mail/e-era.net/demo
mail# /usr/local/bin/maildirmake /var/mail/e-era.net/demo/Maildir
mail# chmod -R 700 /var/mail/e-era.net/
mail# chown -R postfix:postfix /var/mail/e-era.net
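
The manual steps in 3.1 and 3.3 repeat for every mailbox, and section 1.3 installs expect so that a web client can trigger them. The script below is an added example, not part of the original article: it validates the address before it is used in the INSERT statement or in a path under /var/mail. The function names, MAIL_BASE and MAIL_OWNER are hypothetical; the column names and directory layout are those of this chapter, and the password is assumed to be a crypt() hash generated beforehand.

```sh
#!/bin/sh
# Added example: validate a new mailbox address, then build the table row and
# the Maildir that Chapter 3 creates by hand.

MAIL_BASE=${MAIL_BASE:-/var/mail}   # virtual_mailbox_base in main.cf
MAIL_OWNER=${MAIL_OWNER:-}          # e.g. postfix:postfix; empty skips chown

# valid_address ADDR: exactly one "@", conservative character sets, no path
# separators or quotes. On success sets $local_part and $domain.
valid_address() {
    case "$1" in
        *@*@*|*/*|*..*) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    local_part=${1%@*}
    domain=${1#*@}
    case "$local_part" in ''|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$domain" in ''|.*|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$domain" in *.*) return 0 ;; *) return 1 ;; esac
}

# maildir_relpath ADDR: value for the maildir column, relative to MAIL_BASE.
maildir_relpath() {
    valid_address "$1" || return 1
    printf '%s/%s/Maildir/\n' "$domain" "$local_part"
}

# user_insert_sql ADDR CRYPT_HASH: INSERT for virtual_users. The hash is made
# outside MySQL, so the clear-text password never appears in the statement.
user_insert_sql() {
    valid_address "$1" || return 1
    case "$2" in ''|*[!A-Za-z0-9./\$]*) return 1 ;; esac
    printf "INSERT INTO virtual_users (id,home,password,maildir,date_add,time_add,domain,name)\n"
    printf "VALUES ('%s','%s/','%s','%s/%s/Maildir/',CURDATE(),CURTIME(),'%s','%s');\n" \
        "$1" "$MAIL_BASE" "$2" "$domain" "$local_part" "$domain" "$local_part"
}

# make_maildir ADDR: create MAIL_BASE/domain/user/Maildir with mode 700.
# Returns 2 if the path exists, so an existing mailbox is never reused.
make_maildir() {
    valid_address "$1" || return 1
    dir="$MAIL_BASE/$domain/$local_part/Maildir"
    if [ -e "$dir" ]; then return 2; fi
    mkdir -p "$MAIL_BASE/$domain/$local_part" || return 1
    if command -v maildirmake >/dev/null 2>&1; then
        maildirmake "$dir" || return 1
    else
        # Assumption: without Courier's maildirmake, cur/new/tmp are enough.
        mkdir -p "$dir/cur" "$dir/new" "$dir/tmp" || return 1
    fi
    chmod 700 "$MAIL_BASE/$domain"
    chmod -R 700 "$MAIL_BASE/$domain/$local_part"
    if [ -n "$MAIL_OWNER" ]; then chown -R "$MAIL_OWNER" "$MAIL_BASE/$domain"; fi
}
```

On the mail server, run it as root with MAIL_OWNER=postfix:postfix and pipe the output of user_insert_sql into the mysql client for the mail database.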



Chapter 4. Anti-virus and anti-spam

4.1 Install ClamAV
mail# cd /usr/ports/security/clamav
mail# make install clean
Note: do not select MILTER

Reboot the server

4.2 Test and update the virus database
mail# clamscan -r -i /usr/local/www/data
----------- SCAN SUMMARY -----------
Known viruses: 22838
Scanned directories: 1
Scanned files: 31
Infected files: 0
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 1.298 sec (0 m 1 s)


Update the virus database
mail# freshclam


4.3 Install amavisd-new
mail# cd /usr/ports/security/amavisd-new
mail# make install clean
Select
[X] MYSQL


Edit /etc/rc.conf and add
Code:
amavisd_enable="YES"


Modify /usr/local/etc/amavisd.conf
Code:
$mydomain = 'example.com'; # change to $mydomain = 'e-era.net';
#$notify_method  = 'smtp:[127.0.0.1]:10025';
#$forward_method = 'smtp:[127.0.0.1]:10025';


Modify /usr/local/etc/postfix/master.cf, adding the following at the end
Code:
smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200         
127.0.0.1:10025 inet n  -       n       -       -  smtpd     
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000


Reboot the server


4.4 Install and configure SpamAssassin
The latest amavisd-new already integrates SpamAssassin, so once amavisd-new has been installed from ports, SpamAssassin is installed as well.
Add the required users
mail# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin
mail# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin

Modify /usr/local/etc/mail/spamassassin/local.cf
Code:
use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
auto_learn_threshold_nonspam -2
auto_learn_threshold_spam 15


Modify /usr/local/etc/amavisd.conf, adding the following below the "MUST BE SET (no useful default)" section
Code:
$max_requests = 10;
$child_timeout=5*60;
# qw( . ) matches every recipient domain, so this setting bypasses virus checks for all mail
@bypass_virus_checks_acl = qw( . );
@local_domains_acl = ( ".$mydomain" );
$final_spam_destiny = D_PASS;
read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');


Create the required files
mail# touch /var/amavis/whitelist
mail# touch /var/amavis/blacklist
mail# touch /var/amavis/spam_lovers
mail# chown vscan /var/amavis/whitelist
mail# chown vscan /var/amavis/blacklist
mail# chown vscan /var/amavis/spam_lovers
mail# echo spam@e-era.net >> /var/amavis/spam_lovers
mail# echo notspam@e-era.net >> /var/amavis/spam_lovers

Modify /usr/local/etc/postfix/main.cf and add
Code:
content_filter = smtp-amavis:[127.0.0.1]:10024


Set up the automatic learning system
mail# ee /usr/local/sbin/my-sa-learn.sh
Code:
#!/bin/sh
# Feed the spam mailbox to the Bayes learner, then remove it
if [ -e /var/mail/spam ]; then
    /usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
    rm /var/mail/spam > /dev/null
fi

# Same for the mailbox of messages reported as not spam
if [ -e /var/mail/notspam ]; then
    /usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
    rm /var/mail/notspam > /dev/null
fi


mail# chmod a+x /usr/local/sbin/my-sa-learn.sh

Build the learning knowledge base:
mail# /usr/local/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

Schedule it to run automatically:
mail# crontab -e
Code:
5 0 * * * /usr/local/sbin/my-sa-learn.sh


Reboot the server; done.



 